[c-nsp] PIX Upgrade Problem

Tony Varriale tvarriale at comcast.net
Tue Apr 22 18:28:18 EDT 2008 

Just for reference, Cisco just started enforcing that.

You used to be able to put in the numeric static, and traffic would not pass 
if the global was your outside interface IP.

tv
----- Original Message ----- 
From: "Paul Stewart" <paul at paulstewart.org>
To: "'Eric Girard'" <egirard at focustsi.com>; "'cisco-nsp'" 
<cisco-nsp at puck.nether.net>
Sent: Tuesday, April 22, 2008 12:40 PM
Subject: Re: [c-nsp] PIX Upgrade Problem


> Awesome!  That's it... funny I thought I had tried that..
>
> Thank you - everything working now...
>
> Paul
>
>
> -----Original Message-----
> From: Eric Girard [mailto:egirard at focustsi.com]
> Sent: Tuesday, April 22, 2008 1:22 PM
> To: Paul Stewart; cisco-nsp
> Subject: RE: [c-nsp] PIX Upgrade Problem
>
> Paul,
> Did you try static (inside,outside) tcp interface 3389
> 10.1.1.200 3389 netmask 255.255.255.255?
>
> Eric
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
> Sent: Tuesday, April 22, 2008 1:12 PM
> To: 'cisco-nsp'
> Subject: [c-nsp] PIX Upgrade Problem
>
> Hi folks...
>
> We upgraded a PIX515E to a new OS a few weeks ago and now our static PAT
> statements no longer work... scratching my head to figure how to
> resolve.
>
> Old statement: static (inside,outside) tcp xxx.xxx.100.8 3389 10.1.1.200
> 3389 netmask 255.255.255.255
>
> When I try to put this onto the newer version (7.2(4)) I get the
> following
> and can't work around it for some reason...
> ERROR: Static PAT using the interface requires the use of the
> 'interface'
> keyword instead of the interface IP address
>
> I've tried a few variations and obviously am not finding the correct one
> including using the interface statement... any ideas?
>
> Thanks,
>
> Paul
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list